Read Timeout for Quota Constraint
|
Specifies the time in milliseconds that an inquiry to the session repository
for the active user session counts continues before timing out. If the maximum
wait time is reached due to the unavailability of the session repository,
the session creation request is rejected.
Default: 6000 milliseconds
|
Resulting Behavior If Session Quota Exhausted
|
Determines the behavior if a user exhausts the session constraint quota.
This attribute takes effect only if Enable Quota Constraints is enabled. Values
can be:
-
DENY_ACCESS. OpenSSO Enterprise rejects
the login request for a new session.
-
DESTROY_OLD_SESSION. OpenSSO Enterprise
destroys the next expiring existing session for the same user and allows the
new login request to succeed.
Default: DESTROY_OLD_SESSION
|
Exempt Top-Level Admins From Constraint Checking
|
Specifies whether session constraint quotas apply to the administrators
who have the Top-level Admin Role. Takes effect only if the Enable Quota Constraints
attribute is enabled.
Default: NO
The super user defined for OpenSSO Enterprise (com.sun.identity.authentication.super.user) is always exempt from session quota constraint checking.
|
Deny User Login When Session Repository is Down
|
Specifies whether a user can login if the session repository is down.
Takes effect only if the Enable Quota Constraints attribute is enabled.
Default: NO
|
Maximum Session Time
|
Specifies the time in minutes before a session expires and the user
must re-authenticate to regain access. To balance the security requirements
and convenience, consider setting the Max Session Time interval to a higher
value and setting the Max Idle Time interval to a relatively low value.
Default: 120 minutes
|
Maximum Idle Time
|
Specifies the idle time in minutes before a session expires and the
user must re-authenticate to regain access.
Default: 30 minutes
|
Maximum Caching Time
|
Specifies the time in minutes before a session contacts OpenSSO Enterprise
to refresh cached session information. It is recommended that the Maximum
Caching Time should always be less than the Maximum Idle Time.
Default: 3 minutes
|
Active User Sessions
|
Specifies the maximum number of concurrent sessions for a user.
Default: 5
|